Solved

displaying username in websphere access log

Posted on 2011-03-08
7
1,234 Views
Last Modified: 2012-05-11

There is a Websphrere NCSA access log (Common option) which should have the following layout:
host, rfc931, username, date:time, request, statuscode, bytes

I see a real access log file where the username is not displayed and "-" in displayed instead.

How can I enable displaying the username in the access log?
0
Comment
Question by:pavelmed
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
7 Comments
 

Author Comment

by:pavelmed
ID: 35072240
So the actual layout looks like this (exxept there are no commas.  I added them here just to separate the fields in this message.
host, -, -, date:time, request, statuscode, bytes.

I need to analyze the access, so basically I need: username, date:time, request.

date:time and request are present in the actual log file, but I need username as well.

Please assist.
0
 
LVL 35

Expert Comment

by:Gary Patterson
ID: 35073633
Username is only populated in the NCSA log if HTTP Basic User authentication is used.  Since you're getting "-", t probably means that HTTP basic authentication isn't being used.

What WAS version are you using, and what authentication mechanism is in use for this application?

- Gary Patterson
0
 

Author Comment

by:pavelmed
ID: 35074012
Thank you for your answer.
I am not connected to that server now and I can't check the WAS version, but the authentication is definitely not HTTP basic.  So that's explains the "-" in the log file.

Then the question is: how to get username.
One option would be to enable "combined" mode with cookies which would contain user id.
However I checked a configuration file on that WAS server, and while it has a commented out option (see below), it does not specify cookies.
How should I add cookies to the log?
Is it done just by adding \"%{Cookies}i\" to the LogFormat statement (similar to "Referer")?
Also, if yes, how to refresh WAS settings (after uncommenting the statements, of course)?  
Should the WebSphere be stopped and restarted fro the log file options changes to take effect?
Thank you.

#LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
#CustomLog logs/combined.log combined
0
Don't Miss ATEN at InfoComm 2017!

Visit booth #2167 to see the  new ATEN VM3200 32 x 32 Modular Matrix Switch. Other highlights include the VE8950 4K HDMI Over IP Extender, VS1912 12-Port DP Video Wall Media Player  and VK2100 ATEN Control System. Register now with Free Pass Code ATEN288!

 
LVL 35

Accepted Solution

by:
Gary Patterson earned 500 total points
ID: 35084368
How to get username:  Depends on the authorization method that is in use.  What authorization method is being used?

Assuming that the username is actually stored in a cookie, then enabling combined logging should get it for you.  

Combined NCSA Log:

http://publib.boulder.ibm.com/tividd/td/ITWSA/ITWSA_info45/en_US/HTML/guide/c-logs.html#ncsa

IBM HTTP Server is based on Apache.  Apache Logformat format strings:

http://httpd.apache.org/docs/2.0/mod/mod_log_config.html

Use \"%{Cookie}i\" (not "cookies")

HTTP Header fields:

http://en.wikipedia.org/wiki/List_of_HTTP_header_fields

Remember to backup your current config before making changes

Then make your changes and restart the IBM HTTP Server to enable the new settings:

http://publib.boulder.ibm.com/infocenter/wasinfo/v6r0/index.jsp

- Gary Patterson
0
 

Author Comment

by:pavelmed
ID: 35133389
Sorry for the delay - I could not get a chance to login to the WAS to check how the access log would work.
Today I got the connection, and made the changes inserting cookies into the access.log file - the cookies were inserted, but I can't use them because the info in cookies is encrypted because of SSL transaction, and I can't extract the username from there.

Are there any other ways to force WAS access log to log usernames so that they could be extracted from the access.log file?
0
 
LVL 1

Expert Comment

by:WebSphereGoddess
ID: 35156819
how are you trying to view the access.log, are you bringing it into ISA workbench and trying to analyze or are you trying to parse the data?  
Are you running windows or unix?
If you can go to your <websphere>/bin directory and run the versionInfo.bat for win and ./versionInfo.sh for unix.  Let me know if you 6.1 or 7.0  so I know the Access Log filter set to suggest.  There are filter sets you can use:
    * What was requested
    * When it was requested
    * Who requested it
    * The method of the request
    * The type of file that your server sent in response to the request
    * The return code, which indicates whether or not the request was successful
    * The size of the data that was sent
I believe your looking for the "WHO" part.
0
 

Author Comment

by:pavelmed
ID: 35184541
I am closing this question.  I was unable to get the username from the access.log file because it is not passed to it, the log file only has "-" in place of it,  The authentication is done by another program.
I am running UNIX.

I am assigning points to Gary.  Thanks to all who looked into the question.
0

Featured Post

Guide to Performance: Optimization & Monitoring

Nowadays, monitoring is a mixture of tools, systems, and codes—making it a very complex process. And with this complexity, comes variables for failure. Get DZone’s new Guide to Performance to learn how to proactively find these variables and solve them before a disruption occurs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Configure Web Service (server application) I. Configure security for Web Services methods First, we need to protect Session bean which implements the service: 1. Open EJB deployment descriptor (ejb-jar.xml) in the EJB project that contains you…
Most of the developers using Tomcat find it easy to configure the datasource in Server.xml and use the JNDI name in the code to get the connection.  So the default connection pool using DBCP (or any other framework) is made available and the life go…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question